[nsp] Re: no AS# in netflow data on 7500
Danny McPherson
danny at tcb.net
Wed May 19 10:20:13 EDT 2004
On May 19, 2004, at 8:17 AM, Marko Milivojevic wrote:
>> Maybe. I didn't try it on an internal box either, but I'd guess that
>> if
> the
>> router has AS-based info (via iBGP or eBGP), it would fill in what it
> knows.
>> However, I've guessed wrong before about what routers should do. ;^)
>
> Well, it sounds logical that peer-as would be ASN of the router
> the flow
> came from. If the flow came from internal router, it *should* be 0,
> unless
> some magic is involved :-).
The offshot with this is that the exported peer_as value is derived
from the BGP best path (Loc-RIB) entry and if multiple paths exists
it may report that the flow was received from a peer AS which
didn't actually send the data. Coupling flow export/collection with
ifIndex at the network ingress perimeter helps alleviate some of this.
-danny
More information about the cisco-nsp
mailing list